#!/bin/bash

# 临时禁用IP转发
echo 0 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv6/conf/all/forwarding 2>/dev/null

# 永久禁用IPv4转发
if grep -q "^net.ipv4.ip_forward" /etc/sysctl.conf; then
    sed -i 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward=0/' /etc/sysctl.conf
else
    echo "net.ipv4.ip_forward=0" >> /etc/sysctl.conf
fi

# 永久禁用IPv6转发
if grep -q "^net.ipv6.conf.all.forwarding" /etc/sysctl.conf; then
    sed -i 's/^net.ipv6.conf.all.forwarding.*/net.ipv6.conf.all.forwarding=0/' /etc/sysctl.conf
else
    echo "net.ipv6.conf.all.forwarding=0" >> /etc/sysctl.conf
fi

# 应用配置
sysctl -p >/dev/null 2>&1

echo "IP转发禁用配置完成"